Please do not open public issues for vulnerabilities or leaked credentials.

Report security concerns privately through the official Plugin Portal support channel or directly to the project owner. Include:

• A short summary.
• Affected command, endpoint, or workflow.
• Reproduction steps or proof of impact.
• Logs with API keys, device tokens, websocket tokens, and license keys redacted.

Never include Plugin Portal API keys, Polymart tokens, MCLicense keys, websocket tokens, server addresses, or private support dumps in public issues.